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AUTHENTICATED EXCHANGE OF PUBLIC INFORMATION USING ELECTRONIC 

MAIL 

FIELD OF THE INVENTION 

[0001] This invention pertains generally to the field of information security and more 
specifically to authentication protocols. 

BACKGROUND OF THE INVENTION 

[0002] A common form of communications between computers connected to the Internet 
follows a paradigm known in the industry as client-server. For example, existing servers are 
email servers, web servers, file servers, online banking servers, etc. Clients include home 
personal computers, office personal computers, laptop computers, hand-held devices, wireless 
digital telephones, etc. The various client devices connect and interact with the various server 
devices. In this model the different servers employ their own ways of authenticating and 
authorizing the client devices that connect with them. For example, some email servers issue 
and use pre-registered identities to authenticate and authorize. Some banking organizations use 
their own member identification and password databases to do the authentication and 
authorization. So a given client device, say a personal computer at home, needs to conform to 
the differing authentication methods enforced by the different servers with which it connects 
and interacts. In the client-server model, the broad problem of how two interacting computers 
"recognize" one another currently is solved by making the server computer enforce its 
preferences unilaterally on the client computer. 

[0003] Ahhough the above-described model works well for client-server interaction, it 
becomes impractical for interactions between the various client machines themselves. The 
industry terminology for such interaction between various client devices is called peer-to-peer 
(P2P) communications. In this case, neither client computer can force its authentication 
preferences on the other. For example, consider the desire for a first user, Alice, to share and 
exchange videos and pictures from her personal computer with a second user, Bob, who also 
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has a personal computer. Bob may wish to authenticate Alice, in order to be confident that the 
videos and pictures are indeed being sent by her, rather than being sent by an imposter. 
[0004] Additionally, Alice may wish to transmit the videos and pictures securely using an 
encryption technique such as RS A, so that an eavesdropper cannot view the videos or pictures. 
RS A is a public-key cryptography technique whereby anyone can encrypt data for a given user 
with the user's public-key, but only the user can decrypt the data by using the corresponding 
private-key. Thus, Alice and Bob need to first exchange their respective public-keys in order to 
establish the secure channel per the RSA algorithm. Exchanging public-keys is not a trivial 
task. Charlie, a malicious hacker, could try to "sit in the middle" of the key exchange 
communication. Charlie sends his own public-key to Alice, but pretending to be Bob; he sends 
his own public-key to Bob, but pretending to be Alice. Given that this initial key exchange 
communication is itself not secure, there is no simple way for Alice and Bob to realize that 
Charlie is "in the middle". If they fall for Charlie's ploy and start communicating using his 
key, he can act £is the middle-man and pass all the communications between Alice and Bob, but 
be able to eavesdrop on all the content being passed back and forth. And of course he can 
make this even worse by changing the passed content as well. 

[0005] Thus, Alice and Bob have a problem of how they can confidently "bootstrap" the 
exchange of public keys onto their communications session. More generally, the bootstrapping 
problem in a P2P setting involves exchanging any sort of public data or digital object such that 
the recipient is confident it came firom the purported sender. 
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BRIEF SUMMARY OF THE INVENTION 

[0006] Embodiments of the invention use the popular Simple Mail Transport Protocol 
(SMTP) for email exchange, to solve the bootstrapping problem of computer identities, for P2P 
communication. Typically this is a prerequisite for using algorithms like RSA that establish a 
logically secure communication channel over a physically insecure network. With the RSA 
algorithm the bootstrapping problem is one of how to have two peer computers exchange their 
mutual Public Keys without third party mediation (like Certificate Authorities). With other 
algorithms or technologies, the data involved in such a bootstrapping problem may be different, 
but the underlying problem of exchanging some public data with the confidence that there is no 
spoofing is the same. 

[0007] Embodiments of the invention use existing electronic mail protocols, such as SMTP, 
to authenticate the exchange of public information. If the electronic mail protocols are strong; 
in that sending an email message to a given address results in the message reaching that address 
with a high degree of confidence, then the exchange of public information performed in 
accordance with embodiments of the invention is authenticated. 

[0008] In one aspect of the invention, a method is provided for authenticating the sender of 
a digital object, comprising generating a first unique identifier (UID), transmitting to a 
previously known address, via an electronic mail protocol, a first message comprising the first 
UID, receiving, via the electronic mail protocol, a second message comprising a second UID 
and a copy of the first UID, and transmitting to the previously known address, via the electronic 
mail protocol, a third message comprising a copy of the second UID, wherein at least one of the 
messages transmitted to the previously known address further comprises the digital object. In 
one embodiment of the invention, the digital object is a public key for a cryptographic system. 
In embodiments of the invention, the electronic mail protocol comprises a mail server operating 
the Simple Mail Transport Protocol (SMTP). 

[0009] In another aspect of the invention, a method is provided for authenticating the 
sender of a digital object, comprising receiving, via an electronic mail protocol, a first message 
comprising a first unique identifier (UID), generating a second UID, transmitting to a 
previously known address, via the electronic mail protocol, a second message comprising the 
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second UID and a copy of the first UID, and receiving, via the electronic mail protocol, a third 
message comprising a copy of the second UID, wherein at least one of the messages received 
further comprises the digital object. In one embodiment, the digital object is a public key for a 
cryptographic system. In embodiments of the invention, the electronic mail protocol comprises 
a mail server operating the Simple Mail Transport Protocol (SMTP). 
[0010] In another aspect of the invention, a computer-readable medium including 
computer-executable instructions is provided for facilitating authenticating a sender of a digital 
object, computer-executable instructions executing the steps of generating a first unique 
identifier (UID), transmitting to a previously known address, via an electronic mail protocol, a 
first message comprising the first UID, receiving, via the electronic mail protocol, a second 
message comprising a second UID and a copy of the first UID, and transmitting to the 
previously known address, via the electronic mail protocol, a third message comprising a copy 
of the second UID, wherein at least one of the messages transmitted to the previously known 
address fiirther comprises the digital object. In embodiments of the invention, the digital object 
is a public key for a cryptographic system. In embodiments of the invention, the electronic 
mail protocol comprises a mail server operating the Simple Mail Transport Protocol (SMTP). 
[0011] The present invention, viewed another way, comprises an apparatus is provided for 
authenticating the sender of a digital object, comprising a random number generator generating 
a first unique identifier (UID), a network interface transmitting to a previously known address, 
via an electronic mail protocol, a first message comprising the first UID, the network interface 
receiving, via the electronic mail protocol, a second message comprising a second UID and a 
copy of the first UID, and the network interface transmitting to the previously known address, 
via the electronic mail protocol, a third message comprising a copy of the second UID, wherein 
at least one of the messages transmitted to the previously known address further comprises the 
digital object. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

[0012] While the appended claims set forth the features of the present invention with 
particularity, the invention and its advantages are best understood from the following detailed 
description taken in conjunction with the accompanying drawings, of which: 
[00131 Figure 1 is a simplified schematic diagram illustrating an exemplary architecture of 
a computing device for carrying out an authentication protocol, in accordance with an 
embodiment of the invention; 

[0014] Figure 2 is an exemplary network communication arrangement for authenticating 
the sender of a digital object, in accordance with an embodiment of the invention; 
[0015] Figure 3 illustrates an exemplary component architectures for use in authentication, 
in accordance with an embodiment of the invention; 

[0016] Figure 4 illustrates a sample electronic mail message for use in sending and 
authenticating, in accordance with an embodiment of the invention; 

[0017] Figure 5 depicts a flow diagram showing a protocol for authenticating the sender of 
an digital object, in accordance with an embodiment of the invention; 
[0018] Figure 6 is a flow diagram illustrating a sender-employed method for use in 
authenticating a sender of a digital object, according to an embodiment of the invention; and 
[0019] Figure 7 is a flow diagram illustrating a receiver-employed method for use in 
authenticating a sender of a digital object, according to an embodiment of the invention. 

DETAILED DESCRIPTION OF THE INVENTION 

[0020] The methods and systems supporting secure key exchanges using email will now be 
described with respect to a number of embodiments; however, the methods and systems of the 
invention are not limited to the illustrated embodiments. Moreover, the skilled artisan will 
readily appreciate that the methods and systems described herein are merely exemplary and that 
variations can be made without departing from the spirit and scope of the invention. 
[0021] The invention will be more completely understood through the following detailed 
description, which should be read in conjunction with the attached drawings. In this 
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description, like numbers refer to similar elements within various embodiments of the present 
invention.The invention is illustrated as being implemented in a suitable computing 
environment. Although not required, the invention will be described in the general context of 
computer-executable instructions, such as procedures, being executed by a personal computer. 
Generally, procedures include program modules, routines, functions, programs, objects, 
components, data structures, etc. that perform particular tasks or implement particular abstract 
data types. Moreover, those skilled in the art will appreciate that the invention may be 
practiced with other computer system configurations, including hand-held devices, multi- 
processor systems, microprocessor based or programmable consumer electronics, network PCs, 
minicomputers, mainframe computers, and the like. The invention may also be practiced in 
distributed computing environments where tasks are performed by remote processing devices 
that are linked through a communications network. In a distributed computing environment, 
program modules may be located in both local and remote memory storage devices. The term 
computer system may be used to refer to a system of computers such as may be found in a 
distributed computing environment. 

[0023] Figure 1 illustrates an example of a suitable computing system environment 1 00 on 
which the invention may be implemented. The computing system environment 100 is only one 
example of a suitable computing environment and is not intended to suggest any limitation as 
to the scope of use or functionality of the invention. Neither should the computing 
environment 100 be interpreted as having any dependency or requirement relating to any one or 
combination of components illustrated in the exemplary operating environment 100. Although 
one embodiment of the invention does include each component illustrated in the exemplary 
operating environment 1 00, another more typical embodiment of the invention excludes non- 
essential components, for example, input/output devices other than those required for network 
communications. 

[0024] With reference to Figure 1, an exemplary system for implementing the invention 
includes a general purpose computing device in the form of a computer 110. Components of 
the computer 1 10 may include, but are not limited to, a processing unit 120, a system memory 
130, and a system bus 121 that couples various system components including the system 
memory to the processing unit 120. The system bus 121 may be any of several types of bus 
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Structures including a memory bus or memory controller, a peripheral bus, and a local bus 
using any of a variety of bus architectures. By way of example, and not limitation, such 
architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture 
(MCA) bus, Enhanced ISA (EISA) bus. Video Electronics Standards Association (VESA) local 
bus, and Peripheral Component Interconnect (PCI) bus also known as Mezzanine bus. 
[0025] The computer 1 10 typically includes a variety of computer readable media. 
Computer readable media can be any available media that can be accessed by the computer 110 
and includes both volatile and nonvolatile media, and removable and non-removable media. 
By way of example, and not limitation, computer readable media may comprise computer 
storage media and communication media. Computer storage media includes volatile and 
nonvolatile, removable and non-removable media implemented in any method or technology 
for storage of information such as computer readable instructions, data structures, program 
modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, 
EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) 
or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other 
magnetic storage devices, or any other medium which can be used to store the desired 
information and which can be accessed by the computer 110. Communication media typically 
embodies computer readable instructions, data structures, program modules or other data in a 
modulated data signal such as a carrier wave or other transport mechanism and includes any 
information delivery media. The term "modulated data signal" means a signal that has one or 
more of its characteristics set or changed in such a marmer as to encode information in the 
signal. By way of example, and not limitation, communication media includes wired media 
such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, 
infrared and other wireless media. Combinations of the any of the above should also be 
included within the scope of computer readable media. 

[0026] The system memory 130 includes computer storage media in the form of volatile 
and/or nonvolatile memory such as read only memory (ROM) 131 and random access memory 
(RAM) 132. A basic input/output system 133 (BIOS), containing the basic routines that help to 
transfer information between elements within computer 1 10, such as during start-up, is 
typically stored in ROM 131. RAM 132 typically contains data and/or program modules that 
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are immediately accessible to and/or presently being operated on by processing unit 120. By 
way of example, and not limitation, Figure 1 illustrates operating system 134, application 
programs 135, other program modules 136 and program data 137. 
[0027] The computer 110 may also include other removable/non-removable, 
volatile/nonvolatile computer storage media. By way of example only, Figure 1 illustrates a 
hard disk drive 141 that reads from or writes to non-removable, nonvolatile magnetic media, a 
magnetic disk drive 151 that reads from or writes to a removable, nonvolatile magnetic disk 
152, and an optical disk drive 1 55 that reads from or writes to a removable, nonvolatile optical 
disk 156 such as a CD ROM or other optical media. Other removable/non-removable, 
volatile/nonvolatile computer storage media that can be used in the exemplary operating 
environment include, but are not limited to, magnetic tape cassettes, flash memory cards, 
digital versatile disks, digital video tape, solid state RAM, solid state ROM, SmartCards, 
SecureDigital cards, SmartMedia cards, CompactFlash cards and the like. The hard disk drive 
141 is typically connected to the system bus 121 through a non-removable memory interface 
such as interface 140, and magnetic disk drive 151 and optical disk drive 155 are typically 
connected to the system bus 121 by a removable memory interface, such as interface 150. 
[0028] The drives and their associated computer storage media, discussed above and 
illustrated in Figure 1 , provide storage of computer readable instructions, data structures, 
program modules and other data for the computer 1 10. In Figure 1, for example, hard disk 
drive 141 is illustrated as storing operating system 144, application programs 145, other 
program modules 146 and program data 147. Note that these components can either be the 
same as or different from operating system 134, application programs 135, other program 
modules 136, and program data 137. Operating system 144, application programs 145, other 
program modules 146, and program data 147 are given different numbers hereto illustrate that, 
at a minimum, they are different copies. A user may enter commands and information into the 
computer 1 10 through input devices such as a tablet, or electronic digitizer, 164, a microphone 
163, a keyboard 162 and pointing device 161, commonly referred to as a mouse, trackball or 
touch pad. Other input devices (not shown) may include a joystick, game pad, satellite dish, 
scanner, or the like. These and other input devices are often connected to the processing unit 
120 through a user input interface 160 that is coupled to the system bus, but may be connected 
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by Other interface and bus structures, such as a parallel port, game port or a universal serial bus 
(USB). A monitor 191 or other type of display device is also connected to the system bus 121 
via an interface, such as a video interface 190. The monitor 191 may also be integrated with a 
touch-screen panel or the like. Note that the monitor and/or touch screen panel can be 
physically coupled to a housing in which the computing device 1 10 is incorporated, such as in a 
tablet-type personal computer. In addition, computers such as the computing device 1 10 may 
also include other peripheral output devices such as speakers 197 and printer 196, which may 
be connected through an output peripheral interface 194 or the like. 
[0029] The computer 1 1 0 may operate in a networked environment using logical 
connections to one or more remote computers, such as a remote computer 1 80. The remote 
computer 1 80 may be a personal computer, a server, a router, a network PC, a peer device or 
other common network node, and typically includes many or all of the elements described 
above relative to the computer 1 10, although only a memory storage device 181 has been 
illustrated in Figure 1. The logical connections depicted in Figure 1 include a local area 
network (LAN) 171 and a wide area network (WAN) 173, but may also include other networks. 
Such networking environments are commonplace in offices, enterprise-wide computer 
networks, intranets and the Internet. For example, in the present invention, the computer 110 
may comprise the source machine from which data is being migrated, and the remote computer 
180 may comprise the destination machine. Note however that source and destination 
machines need not be connected by a network or any other means, but instead, data may be 
migrated via any media capable of being written by the source platform and read by the 
destination platform or platforms. 

[0030] When used in a LAN networking environment, the computer 1 10 is connected to the 
LAN 171 through a network interface or adapter 170. Altematively, the computer 1 10 contains 
a wireless LAN network interface operating on, for example, the 802.1 lb protocol, allowing 
the computer 1 1 0 to connect to the LAN 171 without a physical connection. When used in a 
WAN networking environment, the computer 110 typically includes a modem 172 or other 
means for establishing communications over the WAN 173, such as the Internet. The modem 
172, which may be internal or external, may be connected to the system bus 121 via the user 
input interface 160 or other appropriate mechanism. Altematively, the computer 110 contains a 
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wireless WAN network interface operating over, for example, the General Packet Radio 
Service (GPRS), allowing the computer 110 to connect to the WAN 173 without a physical 
connection. In a networked environment, program modules depicted relative to the computer 
1 10, or portions thereof, may be stored in the remote memory storage device. By way of 
example, and not limitation. Figure 1 illustrates remote application programs 185 as residing on 
memory device 181. It will be appreciated that the network connections shown are exemplary 
and other means of establishing a communications link between the computers may be used. 
Additionally, variations of the computer 110 may be incorporated into other exemplary systems 
for implementing the invention, such as cellular phones, personal digital assistants, and the like. 
[0031] The invention is potentially incorporated into computing devices/machines used in a 
variety of networking environments. Tuming to Figure 2, a simple example of a networking 
environment is depicted wherein the invention can be exploited. A first computer 202, used by 
a user "A" who wishes to transmit his public encryption key to user "B" via email, 
communicates with a mail server 204. The computer 202 contains, for example, a mail 
application with which user "A" composes messages and transmits them to the mail server 204. 
The mail server 204 uses a known and accepted mail protocol, such as the Simple Mail 
Transport Protocol (SMTP) to transmit electronic messages. A message created by user "A" 
typically contains an address for a recipient in the form of "userB@domain.com". The 
characters to the right of the '@' symbol, "domain.com" in this example, comprise the domain 
name, which is a logical domain for a computer receiving mail for user "B". The mail server 
204 obtains a corresponding physical address for the logical address by querying a Domain 
Name System (DNS) server 206. The DNS server 206 belongs to a hierarchy of distributed 
DNS servers, which serves as mapping service between logical addresses and physical 
addresses. The physical address takes the form of an Internet Protocol (IP) address, which 
identifies a computer 208 on the Internet 210. Embodiments of the invention establish a secure 
communications channel between the sending mail server 204 and the receiving mail server 
212 by using Transport Layer Security (TLS), ensuring that communications between the two 
servers cannot be eavesdropped. The mail server 204 sends the email message with the 
obtained physical address using the TCP/IP protocol, causing it to be routed over the Internet 
210. The message reaches a computer 208 associated with the IP address that acts as a mail 
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server for user "B". User "B", the intended recipient of the message, uses a computer 212 to 
obtain email messages intended for him. Computer 212 communicates with mail server 208 
and receives the appropriate messages. Similarly, when user "B" attempts to send an email 
message over the Internet 210, the mail server 208 queries a DNS server 214 to obtain the 
physical address of the intended recipient. 

[0032] Figure 3 illustrates a set of software components executing on the user computer 
202 in accordance with an embodiment of the invention. The user interacts with a mail 
application program 302 to send and receive email messages. An exemplary mail application 
program is Outlook, by the MICROSOFT CORPORATION of Redmond, Washington. The 
mail application 302 sends and receives both text and binary files, such as executable programs, 
documents or other files. A single message sent or received by the mail application 302 can 
contain text, binary files, or both. Embodiments of the invention facilitate the exchange of 
public cryptographic keys, such as those used in the RSA cryptographic scheme. In such a 
scheme, a user mathematically creates two keys: a private key 304 and a public key 306. The 
user makes the public key 306 available to anyone, while he keeps the private key 304 a secret. 
Although anyone can encrypt a message using the public key 306, only a holder of the private 
key 304 is able to decrypt the encrypted message. The mathematical properties of the scheme 
also allow the user to digitally 'sign' messages by encrypting them with his private key 304. 
Anyone holding the public key 306 can decrypt the message to verify it was written by the user. 
The exemplary RSA scheme is more fully described in U.S. Patent 4,405,829, which is hereby 
incorporated in its entirety by reference. The user computer 202, in an embodiment of the 
invention, contains an encryption/decryption engine 308 for manipulating encrypting and 
decrypting operations involving the private key 304 and public key 306. 
[0033] Embodiments of the invention also contain a random number generator 3 1 0. The 
random number generator 310 preferably produces a string of bits such that it is practically 
infeasible to predict any bit of the sequence given any other bits of the sequence. Thus, it is not 
necessary that the sequence is truly random, but the sequence must appear random to a 
sufficient degree of unpredictability. Embodiments call functions such as the UuidCreate 
function provided by the Microsoft Developer Network, which use pseudo-random number 
generators employing algorithms to generate a globally unique identifier. 
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[0034] Figure 4 shows a typical email message 400 with headers, as used in an 
embodiment of the invention. In embodiments of the invention, the format of an email 
message complies with RFC 822. In the example message 400, a sender claiming to have the 
address "john@uchicagox.edu" is sending a message containing a Microsoft Excel file 401 to a 
recipient at the address "arf@arfdomainxxom". Other attachments, such as public-keys for 
cryptographic protocols, are alternatively attached. Several headers 402 at the top of the 
message contain routing information tracing the route of the message 400 from the sender to 
the recipient. The sender has indicated in a "From" header 404 that his name is "John Smith" 
and his address is "john@uchicagox.edu". The sender also affirms this is his address in the 
signature field 405 in the body of the message. However, other headers, such as the 
"Received" header 406 and the "Return-Path" header 408 indicate the message is actually sent 
from a different address, "john@realaddress.org". In fact, the headers indicating the sender's 
address can be faked, or "spoofed" with varying degrees of difficulty. With some messages, a 
savvy sender can spoof the return addresses to make it impossible to determine with certainty 
the sender's actual address. In other words, the recipient of a message does not always have 
confidence that the message actually came from the purported sender. 

[0035] The message 400 also contains a "To" header 410. The "To" header 410 indicates 
where the message should be sent, in this case to "arf@arfdomainx.com". Unlike the "From" 
headers 404, 405, 406 and 408, the "To" header is difficult to spoof That is, if a sender sends a 
message to a recipient addressed in the "To" field, there is a high degree of confidence that the 
message will reach the recipient, and not be redirected somewhere else instead. 
[0036] Turning to Figure 5, a method is described whereby two users, A and B, of 
networked computers exchange public keys such that each trusts the authenticity of the other, 
in accordance with an embodiment of the invention. The method assumes that each user of the 
two computers has prior knowledge of the other user's email address. The first computer, used 
by user A, generates a unique identifier, UIDl, at step 502 using a random or pseudo-random 
number generator. The unique identifier is sufficiently large that it is difficult to guess. In 
practice, 128 bits suffice to ensure the identifier is unique. The first computer stores UIDl , 
indexed by the email address for user B, at step 504. The first computer sends UIDl, along 
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with user A's public key, to the second computer by using the previously known email address 
of user B, at step 505. 

[0037] The second computer receives the message and stores a copy of UIDl, user A's 
public key, and the email address listed in the "From" field of the message, at step 506. The 
second computer then uses, by way of example, a random or pseudo-random number generator 
to create a unique identifier, UID2, at step 508. UID2 is preferably at least 128 bits in length. 
The second computer sends user B's public key, along with UID2 and a copy of UIDl, to the 
first computer, at step 510. This message, however, is addressed using the previously known 
address for user A, disregarding any return email address in a "From" or "Reply To" field of 
the first message. 

[0038] At step 512, the first computer receives the message from the second computer and 
verifies that the copy of UIDl is accurate, using the email address in the "From" field to index 
the locally stored UIDl . User A then trusts that the public key received from user B is 
authentic (i.e., that it actually came from user B) at step 514. The first computer then sends a 
copy of UID2 back to user B, at step 516. 

[0039] The second computer receives the message and verifies that the copy of UID2 is 
accurate, using the email address in the "From" field to index the locally stored UID2, at step 
518. User B then trusts that the public key received from user A is authentic (i.e., that it 
actually came from user A), at step 520. 

[0040] Figure 6 illustrates a method for using email to send a user's public key such that 
the recipient has confidence that the public key came from the user, in accordance with an 
embodiment of the invention. The user first generates a unique identifier (UIDl) at step 602 
using, by way of example, a random or pseudo-random number generator. The unique 
identifier is sufficiently large that it is difficult to guess. In practice, 128 bits suffice to ensure 
the identifier is unique. At step 604, the user sends an email message containing his public key 
and UIDl to a previously known address for the recipient. The user monitors for a timely 
response that contains a second unique identifier, UID2, at step 606. In some embodiments, a 
timespan for monitoring at step 606 is configurable by the user. If a timely response is not 
received, the user begins again at step 602. Otherwise, the user checks that the response 
contains a copy of UIDl at step 608. If the copy of UIDl is incorrect, the user begins again at 
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Step 602. Otherwise, the user sends an email containing a copy of UID2 to the recipient at step 
610. 

[0041] Figure 7 illustrates a method for using email to receive a sender's public key such 
that the user has confidence that the public key came from the sender, in accordance with an 
embodiment of the invention. The user receives an email at step 702 containing a public key 
and a unique identifier, UIDl . Although the message contains a "From" field identifying a 
sender, the user is not confident that the message actually came from the purported sender. The 
user generates a unique identifier UID2 at step 704 using a random or pseudo-random number 
generator. He sends an email message containing UID2 and a copy of UIDl to the purported 
sender, but by using a previously known address for the sender, at step 706. The user monitors 
for a timely response at step 708. In some embodiments, the amount of time used for 
monitoring at step 708 is configurable by the user. If a timely response is not received, the user 
ends the protocol at step 710. Alternatively, if a timely response is not received, the user 
resends the message containing UID2 and a copy of UIDl at step 706. Otherwise, the user 
checks that the response contains a copy of UID2 at step 712. If the copy of UID2 is incorrect, 
the protocol ends at step 710. Otherwise, the user is convinced that the public key came from 
the purported sender, and begins to trust the key at step 714. 

[0042] Embodiments of the invention further allow the exchange of digital objects other 
than public keys. For example, a first user can use an embodiment of the invention to send a 
document to a second user so that the second user is convinced that it was, indeed, the first user 
who sent the document. More generally, embodiments of the invention enable authentication 
of parties simultaneously with the transmission of digital objects by "bootstrapping" the objects 
to email messages. In the instance when the digital object is a public key, the authenticated key 
can be subsequently used for secure communications between the parties. 
[0043] In view of the many possible embodiments to which the principles of the present 
invention may be applied, it should be recognized that the embodiments described herein with 
respect to the drawing figures are meant to be illustrative only and should not be taken as 
limiting the scope of the invention. For example, those of skill in the art will recognize that the 
illustrated embodiments can be modified in arrangement and detail without departing from the 
spirit of the invention. Although the invention is described in terms of software modules or 
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components, those skilled in the art will recognize that such may be equivalently replaced by 
hardware components. Therefore, the invention as described herein contemplates all such 
embodiments as may come within the scope of the following claims and equivalents thereof 



